RULES /

First of all, the aim of this challenge is not to find out who is the best team. We sincerely believe that true professionals are incomparable. The main goal of RuCTFE is to share experience and knowledge in the computer security and to have some fun together. Nevertheless, the luckiest team will become a winner.

It is difficult to give a complete set of rules for a CTF challenge, so these rules can change at any moment before the challenge starts. That is why we recommend you to check the rules on this site one more time before the competition starts. Just in case :)

DEFINITIONS /

TEAM /

A group of people with a captain.

SERVICE /

A vulnerable application written for the challenge.

FLAG /

A string that matches regex: /^\w{31}=$/.

GAME ROUND /

A period of time for checksystem to check and score all the teams. It usually takes about 2 minutes.

ORGANIZERS /

A group of people that run the whole competition. Organizers do their best to provide quality and fun to all participants. Still organizers are to penalize/disqualify teams for rules violation and to solve the critical situations not described in these rules. Teams should be prepared to meet such decisions with understanding. Also organizers do determine the winner. In general, this decision is based on the scoreboard.

TEAMS ARE ALLOWED TO /

Do whatever they want within their network segment. Most likely the team would like to patch vulnerabilities in their services or block exploitation of vulnerabilities;

Attack other teams. Didn't expect that, huh?

TEAMS ARE PROHIBITED TO /

Filter out other teams' traffic;

Generate large amount of traffic that poses a threat to network stability of organizers' facilities;

Generate large amount of traffic that poses a threat to network stability of any other team;

Attack teams outside of the VPN;

Attack the game infrastructure facilities operated by organizers.

GAME STRUCTURE /

The competition begins when the organizers announce vulnerable image decryption key. Since then the whole game time is divided into two periods:

For the first hour network segments are closed and teams should concentrate on initial vulnbox administration and vulnerabilities analysis.

For the next 8 hours network segments are opened.

SCORING SYSTEM /

Key params in scoring system are SLA and FlagPoints. Their values are individual for each service of each team. Team's score is calculated as the sum of the products of the corresponding SLA and FlagPoints of all team's services.

SLA (team, service) is the percentage of the game time, during which that service of that team was in the UP state. E.g. if the service was always UP, SLA would be 1. If 4 hours passed from the game start and the service was up only during the first hour and then was not UP for the rest 3 hours, SLA would be 0.25. At the beginning all teams have SLA equal to 1.

FlagPoints (team, service) - is the number that correlates with team’s ‘understanding’ of the service. If the team is able to exploit the vulns in the service to get flags and fixes these vulns in it’s own service, the FlagPoints will grow during the game. Otherwise, if the team is not able to exploit the vulns in service and to fix them in it’s own service, FlagPoints will decrease during the game but will never fall down to 0. If the team can only fix vulns but not exploit them, it’s FlagPoints will not change. At the beginning all teams have equal FlagPoints.

Flag's price is the number of FlagPoints got by attackers for stealing the flag from the victim.

Flag's lifetime is the amount of time during which the flag should be available in the service for checksystem. Teams should steal the flag and post it to checksystem until it is expired.

FlagPoints (team, service) decreases by the maximum value equal to the number of the teams for each stolen flag.

FlagPoints (team, service) If the flag was stolen from a team that was higher on the scoreboard in the previous round, the team that has stolen the flag earns the maximum number of FlagPoints(which is equal to the number of teams, as it was mentioned). If flag was stolen from a team that was below your team on the scoreboard, the number of FlagPoints will decrease exponentially down to 1.